1. Field of the Invention
The present invention is directed generally to identification of software components. In particular, the present invention enables the identification of the versions of software components present on a computer system, and subsequently identifies associated vulnerabilities and licenses.
2. Description of the Related Art
A software component is an open-source software project or commercial software package that can be installed in whole or in part on a computer system. Some well-known examples of software components include the Apache Tomcat server, by the Apache Software Foundation; Microsoft Word, by Microsoft; and Firefox, by Mozilla. Typically, over time, updates are made to software components, and new versions are released. For example, at present, the current version of Mozilla's Firefox is release 3.0.3. A particular release may comprise any combination of original code and other software components. Each of these contained components is in itself a particular release version of that component, and each of these may in turn also contain other components. This nested containment can continue to multiple levels of depth. Additionally, a given component, especially one needed by more than one other component, may be included via runtime link references rather than by being strictly nested.
Software components, of both the open-source and commercial varieties, have accompanying licenses that govern how the software component may be used by others. These licenses may vary between different versions of a similar component. In addition, different versions of software components may be subject to certain known vulnerabilities. Identifying the actual versions of software components in use is therefore important in assessing the vulnerability of a product as well as for complying with open-source and other licensing requirements.